Qbot Office (OOXML) / .XLSX malware analysis — malicious · c0bf41f1073c7d96

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e883b55be3fe9f515f9890ed1dee226d SHA-1: d27e69ba6ca5be6ceb3fcfb8276d63611296cb05 SHA-256: c0bf41f1073c7d966561a735cdd23386063bf249ae67800a69a25ecceb7e4786

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot family infection. As an Excel dropper, its primary function is to execute malicious code, likely a second-stage payload. The SHA256 hash of the file itself is included as an IOC.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.